Security as a strategic pillar of organizational management

The latest event organized by the Czech Association of Information Technology Managers (CACIO), which brings together leading Czech IT leaders, had a long but telling title . This time , the seminar focused on the topic of security from the perspective of company and organization management.

Strategic thinking in the context of security should now be an integral part of the modern approach to managing companies and organizations. At a time when technology is advancing rapidly, cyber attacks are on the rise, and complex regulatory requirements must be met, security is growing beyond the purely technical level and the area traditionally perceived as "IT matters" into the realm of corporate management.

The reasons are fairly easy to describe—froma business perspective, there are unpleasant consequences, whether it be costly corrections of errors or even more costly repairs after attacks, loss of reputation, credibility for the cooperating supply chain, or, conversely, a competitive advantage.

How to integrate security into corporate strategy, how to manage risks, how to set up processes and organizational culture so that it is resistant to external and internal threats, was the subject of the recent seminar, wherecurrent trends, proven tools, and best practices were also discussed.

The event featured interesting presentations on topics such as the vulnerability of critical infrastructure in relation to various outages, automation, SOC, AI, and supply chain management. It also touched on the topic of post-quantum cryptography, which we discussed with ITS at our last meeting.

We have been working with CACIO for a long time, and this time our development expert Michal Zyka has prepared a contribution on the topic of secure DevOps, or – another of our favorite acronyms – DevSecOps.

How doesthe "development train" work, what do terms such as shift left and shift right mean in development, why should you have a Security Champion role in your team, and what can be monitored in general – and what specifically do we monitor in the individual stages of development up to production launch? We shared our perspective on these topics with an expert audience. In the end, our CEO Lumír Srch brilliantly took over the presentation, which had been disrupted by illness, and gave the audience the most he could from the prepared "development ride."

DevSecOps is one of the important components of our overall approach to security and its layers. And the aforementioned sharing of experience, knowledge, and proven practices is also our way of navigating the labyrinth known as cybersecurity. We were happy to contribute, thank you.